<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Using JAAS with your JGSS application" />
<meta name="abstract" content="The IBM JGSS includes an optional JAAS login facility that allows the application to use JAAS to obtain credentials. After the JAAS login facility saves principal credentials and secret keys in the subject object of a JAAS login context, JGSS can retrieve the credentials from that subject." />
<meta name="description" content="The IBM JGSS includes an optional JAAS login facility that allows the application to use JAAS to obtain credentials. After the JAAS login facility saves principal credentials and secret keys in the subject object of a JAAS login context, JGSS can retrieve the credentials from that subject." />
<meta name="DC.Relation" scheme="URI" content="rzahajgssdev.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssdev10.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzahajgssdev20" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Using JAAS with your JGSS application</title>
</head>
<body id="rzahajgssdev20"><a name="rzahajgssdev20"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Using JAAS with your JGSS application</h1>
<div><p>The IBM<sup>®</sup> JGSS
includes an optional JAAS login facility that allows the application to use
JAAS to obtain credentials. After the JAAS login facility saves principal
credentials and secret keys in the subject object of a JAAS login context,
JGSS can retrieve the credentials from that subject.</p>
<div class="section"><p>The default behavior of JGSS is to retrieve credentials and secret
keys from the subject. You can disable this feature by setting the Java™ property
javax.security.auth.useSubjectCredsOnly to false.</p>
<div class="note"><span class="notetitle">Note:</span> Although the pure Java JGSS
provider can use the login interface, the native iSeries™ JGSS provider cannot.</div>
<p>For
more information about JAAS features, see <a href="rzahajgssusejaas.htm">Obtaining
Kerberos credentials and secret keys</a>.</p>
<p>To use the JAAS login facility,
your application must follow the JAAS programming model in the following ways:</p>
<ul><li>Create a JAAS login context</li>
<li>Operate within the confines of a JAAS Subject.doAs construct</li>
</ul>
<p>The following code snippet illustrates the concept of operating within
the confines of a JAAS Subject.doAs construct:</p>
<pre> import java.security.PrivilegedExceptionAction;
 import javax.security.auth.Subject;
 import javax.security.auth.login.LoginContext;
 import org.ietf.jgss.GSSException;
 import com.ibm.security.auth.callback.Krb5CallbackHandler;

 static class JGSSOperations implements PrivilegedExceptionAction {
     public JGSSOperations() {}
     public Object run () throws GSSException {
         // JGSS application code goes/runs here
         return null;   // run() must return a value; null when there is no result
     }
 }

 public static void main(String args[]) throws Exception {
     // Create a login context that will use the Kerberos
     // callback handler
     // com.ibm.security.auth.callback.Krb5CallbackHandler

     // There must be a JAAS configuration for "JGSSClient"
     LoginContext loginContext =
         new LoginContext("JGSSClient", new Krb5CallbackHandler());
     loginContext.login();

     // Run the entire JGSS application in JAAS privileged mode
     Subject.doAsPrivileged(loginContext.getSubject(),
                            new JGSSOperations(), null);
 }</pre>
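<p>An added example, not part of the original IBM documentation: one way to fill in the run() method so that JGSS acquires the initiator credential from the logged-in subject and produces the first context token. The class name JGSSClientExample and the target service host@server.example.com are assumptions, and the JAAS configuration entry "JGSSClient" must exist as stated above.</p>

```java
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import org.ietf.jgss.*;
import com.ibm.security.auth.callback.Krb5CallbackHandler;

public class JGSSClientExample { // hypothetical class name
    // Assumed target service; use your acceptor's service@host name
    static final String SERVICE = "host@server.example.com";

    static class FirstToken implements PrivilegedExceptionAction {
        public Object run() throws GSSException {
            GSSManager manager = GSSManager.getInstance();
            Oid krb5 = new Oid("1.2.840.113554.1.2.2"); // Kerberos V5 mechanism
            // A null name asks for the default principal, which JGSS resolves
            // from the Subject that doAsPrivileged() associated with this call.
            GSSCredential cred = manager.createCredential(null,
                GSSCredential.DEFAULT_LIFETIME, krb5, GSSCredential.INITIATE_ONLY);
            System.out.println("initiating as " + cred.getName());
            GSSName target = manager.createName(SERVICE, GSSName.NT_HOSTBASED_SERVICE);
            GSSContext ctx = manager.createContext(target, krb5, cred,
                GSSContext.DEFAULT_LIFETIME);
            ctx.requestMutualAuth(true);
            try {
                // First token of the handshake. A real client keeps ctx, sends the
                // token to the acceptor and loops until ctx.isEstablished().
                return ctx.initSecContext(new byte[0], 0, 0);
            } finally {
                ctx.dispose();   // this demo stops after one token
                cred.dispose();
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Pin the default so JGSS takes credentials only from the Subject
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "true");
        // Requires a JAAS configuration entry named "JGSSClient"
        LoginContext lc = new LoginContext("JGSSClient", new Krb5CallbackHandler());
        lc.login();
        try {
            byte[] token = (byte[]) Subject.doAsPrivileged(
                lc.getSubject(), new FirstToken(), null);
            System.out.println("first context token: " + token.length + " bytes");
        } finally {
            lc.logout(); // discard the credentials and keys held by the Subject
        }
    }
}
```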
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahajgssdev.htm" title="Use JGSS to develop secure applications. Learn about generating transport tokens, creating JGSS objects, establishing context, and more.">Developing IBM JGSS applications</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzahajgssdev10.htm" title="There are multiple steps required to develop a JGSS application, including using transport tokens, creating the necessary JGSS objects, establishing and deleting context, and using per-message services.">IBM JGSS application programming steps</a></div>
</div>
</div>
</body>
</html>